HackerTrans
TopNewTrendsCommentsPastAskShowJobs

hackideiomat

no profile record

Submissions

Domain Spoofing Vuln in Status Android Wallet

github.com
3 points·by hackideiomat·2 वर्ष पहले·1 comments

Excel World Championship [video]

youtube.com
3 points·by hackideiomat·3 वर्ष पहले·0 comments

comments

hackideiomat
·2 वर्ष पहले·discuss
This android wallet has an internal browser and it incorrectly strips www. from hosts. This also affects their permission system, meaning this is the perfect bug to phish users.

They didn't answer multiple mails in 30 days, so it's being disclosed.
hackideiomat
·2 वर्ष पहले·discuss
Don't get me wrong, I do use kagi. but it's not nearly what I wish it'd be.
hackideiomat
·2 वर्ष पहले·discuss
Maybe MetaGer if you can live with their quality
hackideiomat
·2 वर्ष पहले·discuss
Oh yes because of the CSP. The CSP that allows forms that can change your settings... you could easily use the above bug to get some impact with an additional click on a form's submit button.

Admittedly, no full XSS anymore, but still dangerous and shows their lack of understanding and caring about security.

It's not the only place you can inject HTML and not every page has a CSP...
hackideiomat
·2 वर्ष पहले·discuss
Go look at MetaGer, they solved that issue
hackideiomat
·2 वर्ष पहले·discuss
Ha, exactly! They rarely fix bugs.

E.g., XSS / HTML injection in summarizer or discuss document. Or their broken CSP which allows injecting forms to e.g., change settings.

They haven't fixed many reported issues in a while, and just to prove I'm not lying: https://kagi.com/discussdoc?url=https%3A%2F%2Fkagi.com%2Fcha...
hackideiomat
·2 वर्ष पहले·discuss
They do not take security and privacy seriously
hackideiomat
·2 वर्ष पहले·discuss
I don't want that?
hackideiomat
·2 वर्ष पहले·discuss
Well if you attack his friends, it's not okay, but if you go which death upon 'the leftists' he wouldn't say a thing, I bet
hackideiomat
·2 वर्ष पहले·discuss
Dude can move so many millions around I'd shit my pants if he tells me to die slow.
hackideiomat
·2 वर्ष पहले·discuss
[flagged]
hackideiomat
·2 वर्ष पहले·discuss
oh man I didn't know I'd hate this guy :D
hackideiomat
·3 वर्ष पहले·discuss
There's another tool like this called horcrux, which I find to be a better name personally.
hackideiomat
·3 वर्ष पहले·discuss
=cmd|' /C calc'!A0
hackideiomat
·3 वर्ष पहले·discuss
C is unsafe
hackideiomat
·3 वर्ष पहले·discuss
Don't you ever care about upsetting people who live in countries with unreasonable gun laws. Especially third world countries like the US.
hackideiomat
·3 वर्ष पहले·discuss
> a query for red shoes is mostly red shoes

well I get mostly black shoes lol

Edit: ah no, they just use half a page for shoe shops first with black shoes as logo??
hackideiomat
·3 वर्ष पहले·discuss
Sending network packets. Like, I send you a big array of bytes and you write it to a small buffer and therefore I overwrite unintended data.
hackideiomat
·3 वर्ष पहले·discuss
Right, there haven't been crazy Java exploits going around the past few months, only Rust and Go!
hackideiomat
·3 वर्ष पहले·discuss
Switch to security :)